public function RequestSanitizerTest::testSanitizedDestinationPost in Drupal 8

Same name and namespace in other branches

9 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::testSanitizedDestinationPost()

Tests unacceptable destinations are removed from GET requests.

@dataProvider providerTestSanitizedDestinations

Parameters

string $destination: The destination string to test.

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 274

Class

RequestSanitizerTest: Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function testSanitizedDestinationPost($destination) {

  // Set up a POST request.
  $request = $this
    ->createRequestForTesting([], [
    'destination' => $destination,
  ]);
  $request = RequestSanitizer::sanitize($request, [], TRUE);
  $this
    ->assertNull($request->request
    ->get('destination', NULL));
  $this
    ->assertNull($request->query
    ->get('destination', NULL));
  $this
    ->assertArrayNotHasKey('destination', $_POST);
  $this
    ->assertArrayNotHasKey('destination', $_REQUEST);
  $this
    ->assertArrayNotHasKey('destination', $_GET);
  $this
    ->assertError('Potentially unsafe destination removed from request parameter bag because it points to an external URL.', E_USER_NOTICE);
}

You are here